This script is Copyright (C) 2012-2017 Tenable Network Security, Inc.
The remote Mac OS X host contains a mail client that is potentially
affected by several vulnerabilities.
The installed version of Thunderbird is earlier than 15.0 and is thus
potentially affected by the following security issues:
- An error exists related to 'Object.defineProperty'
and the location object that could allow cross-site
scripting attacks. (CVE-2012-1956)
- Unspecified memory safety issues exist. (CVE-2012-1970,
- Multiple use-after-free errors exist. (CVE-2012-1972,
CVE-2012-1973, CVE-2012-1974, CVE-2012-1975,
CVE-2012-1976, CVE-2012-3956, CVE-2012-3957,
CVE-2012-3958, CVE-2012-3959, CVE-2012-3960,
CVE-2012-3961, CVE-2012-3962, CVE-2012-3963,
- An error exists related to bitmap (BMP) and icon (ICO)
file decoding that can lead to memory corruption,
causing application crashes and potentially arbitrary
code execution. (CVE-2012-3966)
- A use-after-free error exists related to WebGL shaders.
- A buffer overflow exists related to SVG filters.
- A use-after-free error exists related to elements
having 'requiredFeatures' attributes. (CVE-2012-3970)
- A 'Graphite 2' library memory corruption error exists.
- An XSLT out-of-bounds read error exists related to
- The DOM parser can unintentionally load linked
resources in extensions. (CVE-2012-3975)
- Security checks related to location objects can be
bypassed if crafted calls are made to the browser
chrome code. (CVE-2012-3978)
- Calling 'eval' in the web console can allow injected
code to be executed with browser chrome privileges.
See also :
Upgrade to Thunderbird 15.0 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true
Family: MacOS X Local Security Checks
Nessus Plugin ID: 61713
Bugtraq ID: 55249, 55257, 55260, 55264, 55266, 55274, 55276, 55278, 55292, 55304, 55306, 55310, 55311, 55314, 55316, 55317, 55318, 55319, 55320, 55321, 55322, 55323, 55324, 55325, 55340, 55341, 55342
CVE ID: CVE-2012-1956, CVE-2012-1970, CVE-2012-1971, CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976, CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960, CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964, CVE-2012-3966, CVE-2012-3968, CVE-2012-3969, CVE-2012-3970, CVE-2012-3971, CVE-2012-3972, CVE-2012-3975, CVE-2012-3978, CVE-2012-3980